Code Room
System design | Hard | sd-g223
Subject: Secrets management | Level: Senior–Staff | ~45 min | Common in Security interviews | Industries: Technology, Software development

Question

Design a secrets-distribution system for ~8,000 microservice instances that need database credentials, API keys, and TLS certs. Requirements: no long-lived secret ever sits in an env var or image; credentials rotate automatically; a leaked credential is useless within minutes; and a full audit trail of who/what accessed which secret. Static-secret reads peak at 30K/sec. Discuss dynamic (short-lived, on-demand) secrets vs rotating static secrets, how a service authenticates to the secrets service in the first place (the bootstrapping/'secret zero' problem), and the trade-off when the secrets service is down.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
